rsyslog 8.2512.0: network namespaces, omhttp enhancements and much more

We have released rsyslog 8.2512.0, the December scheduled-stable version. Scheduled-stable releases are bi-monthly snapshots of the daily-stable branch, providing predictable update points with the same functional content as daily-stable at the time of the snapshot.

This release contains three major highlights:

1. Completion of the foundational Network Namespace implementation, developed by Billie Alsup.
2. A major omhttp refactoring and feature upgrade, contributed by Adrien GANDARIAS, with substantial integration work on the PR.
3. The newest contribution: significant mmsnareparse enhancements by André Lorbach (Adiscon), expanding and refining modern SNARE and Windows event parsing capabilities.

Documentation improvements continue across the tree. As always, rsyslog.com/doc documents the current codebase.

Release highlights

Network Namespace support

This release finalizes the foundational Network Namespace implementation developed by Billie Alsup. The merge and integration work was complex, reflecting the number of affected components and ensuring consistency across modules.

Key elements include:

• omuxsock: NetworkNamespace support, abstract unix socket handling, connected sockets, new configuration options, and extensive multi-namespace and abstract-socket test coverage.
• imtcp: NetworkNamespace parameters at both module and instance level; related updates in tcpsrv and netstrm; new root-capable test suites.

This also builds on some refactoring already introduced in earlier releases.

omhttp: major refactoring and Splunk HEC improvements

The omhttp module received a substantial refactoring and functional enhancement contributed by Adrien GANDARIAS. The PR required careful and complex integration work to reconcile internal paths, behavior semantics, and legacy compatibility.

Key elements:

• an explicit Splunk HEC profile with practical defaults
• optional per-destination server statistics
• internal restructuring for clarity and long-term maintainability

Compatibility note: The Splunk HEC reporting path changed internally. No issues have been observed so far, but specific edge cases may behave differently.

mmsnareparse: sysmon support and better custom format handling

The newest major contribution in this release is the extended mmsnareparse work by André Lorbach (Adiscon). These improvements strengthen SNARE-style parsing and deepen Windows event support within rsyslog:

• configurable trailing-pattern search window
• POSIX regex support for dynamic trailing-data removal
• enhanced ignoreTrailingPattern capabilities
• support for Microsoft Sysinternals Sysmon events via external JSON definition files

This work draws on Adiscon’s long-standing experience with Windows event log processing in its commercial tooling and demonstrates how open-source and commercial co-evlution and development strengthen each other.

These extensions build on the module’s earlier introduction in the October 2025 release.

Other notable changes

omhiredis: TLS support

• user-configurable SSL behavior
• improved conditional compilation
• certificate/key validation checks
• thread-safe SSL initialization
  Thanks to Jérémie Jourdin, Amine EL AKKANI, and frikilax.

Collector Docker image: TLS enablement

OpenSSL-based TLS support has been added to the rsyslog collector Docker image.

imkafka: new metrics and updated pstats

• module-level and topic+consumer-group metrics
• librdkafka metrics
• updated impstats, including Zabbix LLD compatibility
  Thanks to MRedbourne.

Security and correctness fixes

• mmanon: fixed data race (thanks to Jan Gerhards)
• ossl: correct peer-certificate memory handling (thanks to Attila Lakatos)
• imptcp: fixed null pointer in error logging (thanks to Attila Lakatos)
• nsd_gtls: eliminated repeated certificate/key/CA warnings (thanks to Attila Lakatos)
• imtcp-tls-gibberish: test now runs only when TLS is enabled (thanks to Michael Biebl for alerting us)

Additional updates

• omelasticsearch: API key authentication
• net: SAN IP address support (thanks to Sebastien Deronne)
• omhiredis: Redis UDS address support (thanks to Appla)
• MbedTLS netstream driver (thanks to Stephane Adenot)
• Broad documentation updates and cleanups by multiple Adiscon team members

Compatibility notes

rsyslog avoids breaking changes unless there is a hard technical requirement.
No breaking changes are expected in this scheduled-stable release.
Documentation at rsyslog.com/doc is always current.

The internal omhttp refactoring may affect rare Splunk HEC edge cases, though no issues have been observed.

Any confirmed breaking changes would be documented in the Changelog.

Looking ahead

Work for upcoming milestones is already ongoing:

• new protocol output support, including OpenTelemetry
• enhanced Grafana/Loki workflows
• continued work to further improve the documentation
• additional improvements building on the current parsing and transport layers

These will become visible in daily-stable first and then in future scheduled-stable releases.

Availability

rsyslog 8.2512.0 scheduled-stable is available on the rsyslog download page and via standard repositories once distributions have been catched up.
Users who prefer a faster cadence can follow the daily-stable line, from which this release is derived.

Thank you

A sincere thank you to all contributors, whose work, reviews, testing, and integration effort make this project possible. This release again includes substantial community contributions across modules, transports, security fixes, and documentation updates.

The rsyslog team.